<?php

	$qry = "select 
			user.*,
			profile_billing.id as profile_billing,
			profile_customer.id as profile_customer,
			profile_doctor.id as profile_doctor,
			profile_patient.id as profile_patient
			from 
			user
			left join profile_billing on user.id = profile_billing.userId and profile_billing.active = 1
			left join profile_customer on user.id = profile_customer.userId and profile_customer.active = 1
			left join profile_doctor on user.id = profile_doctor.userId and profile_doctor.active = 1
			left join profile_patient on user.id = profile_patient.userId and profile_patient.active = 1
			where 1=1";
	
	/**
	 * get all users
	 */
	$app->get('/user', authorize('user'), function () use ($app, $db, $pdo, $qry) {
		$users = array();
		$sql = $qry;
		if( $_GET["email"] )
		{
			$sql .= " and email = '" . $_GET["email"] . "'";
		}
		if( $_GET["password"] )
		{
			$sql .= " and password = '" . $_GET["password"] . "'";
		}
		if( $_GET["companyId"] )
		{
			$sql .= " and companyId = '" . $_GET["companyId"] . "'";
		}
		foreach ( $pdo->query($sql) as $user)
		{
			$users[] = array (
				"id" => $user["id"],
				"name" => $user["name"],
				"email" => $user["email"],
				"password" => "", // $user["password"],
				"companyId" => $user["companyId"],
				"profilePatient" => $user["profile_patient"],
				"profileBilling" => $user["profile_billing"],
				"profileCustomer" => $user["profile_customer"],
				"profileDoctor" => $user["profile_doctor"]
			);
		}
		$app->response()->header("Content-Type", "application/json");
		echo json_encode( $users );
	});
	
	/**
	 * get user by id
	 */
	$app->get('/user/:id', authorize('user'), function ($id) use ($app, $db, $pdo, $qry) {
		//$user = $db->User()->where("id", $id)->fetch();
		$sql = $qry . " and user.id = '" . $id . "'";
		$user = $pdo->query($sql)->fetch();
		$user = array (
			"id" => $user["id"],
			"name" => $user["name"],
			"email" => $user["email"],
			"password" => "", // $user["password"],
			"companyId" => $user["companyId"],
			"profilePatient" => $user["profile_patient"],
			"profileBilling" => $user["profile_billing"],
			"profileCustomer" => $user["profile_customer"],
			"profileDoctor" => $user["profile_doctor"]
		);
		
		$app->response()->header("Content-Type", "application/json");
		echo json_encode($user);
	});
	
	
	/**
	 * create user
	 */
	$app->post('/user', authorize('user'), function () use ($app, $db) {
		$user = json_decode( $app->request()->getBody(), true );
		$user = $db->User()->insert($user);
		$user = array (
			"id" => $user["id"],
			"name" => $user["name"],
			"email" => $user["email"],
			"password" => "", // $user["password"],
			"companyId" => $user["companyId"]
		);

		$app->response()->header("Content-Type", "application/json");
		echo json_encode($user);
	});
	
	
	/**
	 * update user
	 */
	$app->put('/user/:id', authorize('user'), function ($id) use ($app, $db) {
		$user = json_decode( $app->request()->getBody(), true );
		unset($user["profileDoctor"]);
		unset($user["profilePatient"]);
		unset($user["profileBilling"]);
		unset($user["profileCustomer"]);
		if($user["password"] == "")
		{
			unset($user["password"]);
		}
		
		$db->User("id",$id)->update($user);
		$user = array (
			"id" => $user["id"],
			"name" => $user["name"],
			"email" => $user["email"],
			"password" => "", // $user["password"],
			"companyId" => $user["companyId"]
		);
		
		$app->response()->header("Content-Type", "application/json");
		echo json_encode($user);
	});
	
	
	/**
	 * delete user
	 */
	$app->delete('/user/:id', authorize('user'), function ($id) use ($app, $db) {
		$response = $db->user("id",$id)->delete();
		
		$app->response()->header("Content-Type", "application/json");
		echo json_encode($response);
	});
		
?>